Back to Question Center
0

Semalt: i-Gameover ZeuS Botnet

1 answers:

I-botnet ye-Gameover ZeuS isebenza kwi-Microsoft OS kwaye ifunyenwe ngo-2007. Kubangele iingxaki ezahlukahlukeneyo ngoku, kwaye abahlaseli baba ngaphezu kwezigidi ezingama-70. Kukho imiqondiso emibini kunye neempawu ezibonakaliswa emva kokungena kwe-botnet ye-Gameover ZeuS. Oomatshini abacwangcisiweyo baqala ukuqhuba imiyalelo. Ukuba idivayisi yakho ayisebenzi kakuhle kwaye unenkxalabo malunga nokukhuselwa kwedatha yakho, amathuba kukuba ikhompyutha yakho ibe yinxalenye yentanethi ye-botnet kwaye le yithuba lokuphucula ukusebenza kwayo yonke. Imiba yeebhennetshi ze-Gameover ZeuS ibonakalisa kokubili kumanqanaba amancinane namakhulu. I-Jason Adler, u-8 (Semalt wengcali, uchaza ukuba kukho iindlela ezahlukeneyo ze-Gameover ZeuS kubaphathi benethiwekhi, kodwa ezi zilandelayo zizona zilungileyo:

Ukufumana iBotnet nge-honeypot

Abaqeqeshi abaqhankqalazi kunye nabaqhankqalazi bezitifiketi bajonga ukudala i-honeypots kwaye bayithi into enhle. Ngamanye amaxesha i-Bottets ye-Gameover ZeuS ingafumaneka apha kwaye ibe yinxalenye yezixhobo zakho kalula. Ngokomzekelo, ukuba usebenzisa i-Suricata, eyisistim yokufunyanwa kwe-intrusion yamahhala, unokufuna ukufumana uluhlu lweebhennetshi ze-Gameover ZeuS ezibonakalayo kwinkqubo yakho. Ngelishwa, akunakwenzeka kuba uluhlu olupheleleyo luhlelwe ngabaculi kunye nemizamo yakho yokuxhuma i-intanethi okanye iseva yeC & C ibonakala ingenalusizo.

Ukufumana i-Botnet kwiiphelo

Ukubonwa kwebhokisi le-Gameover ye-Gameover ZeuS eqala umkhosi iqala ngesisombululo se-anti-virus kwaye yenza amanani amanqaku kwiiwebhusayithi zabaxumi. Kukhuselekile ukutsho ukuba iteknoloji ye-anti-virus ihluleka ukufumana izifo, ngoko umlawuli kufuneka abheke ezinye iingxaki. Ukubonwa kwebhotnet ekupheleni kwexesha lokugqibela kunokwenzeka xa ukhusela ukufakelwa kwe-rootkits kumadivayisi akho, unqakraza kwiintengiso ezingalindelekanga okanye kwiifestile ezikhuphayo, kwaye ugweme ukukhangela ngaphandle kwe-HTTPS. Ngokuqinisekileyo, ukuba isiphakeli sakho se-DNS sitshintshile, siya kuba yinkcazo ecacileyo yokuba i-hacker yenza okuthile kwindlela yakho kwaye kufuneka uthathe amanyathelo okukhawuleza.

Ukufumana i-Botnet kwinethiwekhi

Iinjongo ze-Gameover ZeuS ezisekelwe kwinethwekhi zinzima ukuzibona. Enye yeendlela zokuzibona nokubeka iliso kuxhomekeke kwingcingo yengxoxo. I-traffic ye-IRC ithunyelwe nge-encrypted, oko kuthetha ukuba i-hacker ifumene amagama angundoqo ewebsite yakho kwaye yena wasebenzisa kwakhona izinto ezimbi. Ukuba iimpazamo ezahlukileyo zenzeke ngokukhawuleza kwaye zixhomekeke kwiiwebhusayithi zangaphandle, oko kukubonakalisa kakuhle ukuba ukuhlaselwa kwe-DDOS eqhutywe nge-botnet kuqaliswe kwi-device yakho okanye kwikhompyutha. Ngaloo xesha, i-traffic ephumayo ingabangela iingxaki kuwe. Iindaba ezilungileyo kukuba i-botnets isenokugqitywa ngokupheleleyo kwiintsuku ezizayo.

Okwangoku, iingcali zijolise kwiisombululo ezivulekileyo ezifana ne-Snort, kunye neminikelo yokhuseleko edibeneyo njenge-AlienVault, ukujongana neebhotile. Kubalulekile ukuchonga umthombo wenethiwekhi ye-botnet, kwaye uyabulela uThixo, iingcali ze-IT zenze ukuba kwenzeke ngeendawo ezahlukeneyo zezixhobo kunye neenkqubo. Emva kokuba baye bahlalutya ubunjani kunye nempembelelo yeebhotile, banokukhawulela nokuphelisa iibhentshi zasekuhlaleni nakwamanye amazwe. Ngokomyinge, amawaka eebhennethi ze-Gameover ZeuS sele asusiwe, kwaye iingcali ziqhubeka zisebenza kule ngxaki. Kuthetha ukuba siya kuba nako ukulahla nayiphi na ixesha kwikamva.

November 29, 2017
Semalt: i-Gameover ZeuS Botnet
Reply